git.ipfire.org Git - thirdparty/kmod.git/commit

author	Tobias Stoeckmann <tobias@stoeckmann.org>
	Tue, 10 Feb 2015 18:46:40 +0000 (19:46 +0100)
committer	Lucas De Marchi <lucas.demarchi@intel.com>
	Tue, 17 Feb 2015 16:10:31 +0000 (14:10 -0200)
commit	249dc5909b09db72cc8958b382d8393235b70afd
tree	7608692e3a76c1bd7f303abd0e9b0678d8a3b5ab	tree \| snapshot
parent	246d67d493510df1547260d968937f4984f148e0	commit \| diff

libkmod: properly validate file size

In function kmod_elf_new, the file size has to be properly validated against
section offset. Currently, the file size is considered valid based on
ELF header size + section header size * section count. That is not sufficient.

In fact, ELF specifies a section header offset, which doesn't have to be the
size of the ELF header. The supplied test cases even cover this.

The correct test is: section offset + section header size * section count

This patch also verifies that this value won't overflow. I don't know a way
to crash a tool due to this bug, because later on the offset check would
prevent out-of-bounds access. An overflow would just mean to access a wrong
part in elf->memory. Yet it's a validation error.

Please note: The file size does not have to be validated against the size
of the ELF header again, elf_identify did this already.